Cisco Systems IC-23 manual Filtering by MAC Address and Vendor Code, IC-52

Page 30

Configuring LAN Interfaces

Configuring a LAN Extender Interface

The major reason to create access lists on a LAN Extender interface is to prevent traffic that is local to the remote Ethernet LAN from traversing the WAN and reaching the core router. You can filter packets by MAC address, including vendor code, and by Ethernet type code. To define filters on the LAN Extender interface, perform the tasks described in one or both of the following sections:

Filtering by MAC Address and Vendor Code

Filtering by Protocol Type

Note When setting up administrative filtering, remember that there is virtually no performance penalty when filtering by vendor code, but there can be a performance penalty when filtering by protocol type.

When defining access lists, keep the following points in mind:

You can assign only one vendor code access list and only one protocol type access list to an interface.

The conditions in the access list are applied to all outgoing packets from the LAN Extender.

The entries in an access list are scanned in the order you enter them. The first entry that matches the outgoing packet is used.

An implicit “deny everything” entry is automatically defined at the end of an access list unless you include an explicit “permit everything” entry at the end of the list. This means that unless you have an entry at the end of an access list that explicitly permits all packets that do no match any of the other conditions in the access list, these packets will not be forwarded out the interface.

All new entries to an existing list are placed at the end of the list. You cannot add an entry to the middle of a list.

If you do not define any access lists on an interface, it is as if you had defined an access lists with only a “permit all” entry. All traffic passes across the interface.

Filtering by MAC Address and Vendor Code

You can create access lists to administratively filter MAC addresses. These access lists can filter groups of MAC addresses, including those with particular vendor codes. There is no noticeable performance loss in using these access lists, and the lists can be of indefinite length.

You can filter groups of MAC addresses with particular vendor codes by creating a vendor code access list and then by applying an access list to an interface.

To create a vendor code access list, use the following command in global configuration mode:

Command

Purpose

 

 

access-listaccess-list-number

Creates an access list to filter frames by canonical (Ethernet-ordered) MAC

{permit deny} address mask

address.

 

 

Note Token Ring and FDDI networks swap their MAC address bit ordering, but Ethernet networks do not. Therefore, an access list that works for one medium might not work for others.

Cisco IOS Interface Configuration Guide

IC-52

Page 29 Page 31
Image 30
Page 29 Page 31
Contents Configuring an Ethernet or Fast Ethernet Interface IC-23Ethernet and Fast Ethernet Interface Configuration Task List IC-24Specifying an Ethernet or Fast Ethernet Interface Specifying an Ethernet Encapsulation MethodIC-25 Specifying the Media and Connector Type Specifying Full-Duplex OperationIC-26 Configuring Fast Ethernet 100BASE-T Extending the 10BASE-T CapabilityIC-27 Configuring PA-12E/2FE Port Adapter IC-28Configuring the PA-12E/2FE Port Adapter IC-29IC-30 Monitoring and Maintaining the PA-12E/2FE Port Adapter IC-31IC-32 Configuring Fast EtherChannel Configuring the 100VG-AnyLAN Port AdapterIC-33 Fast EtherChannel Configuration Task List IC-34Configuring the Port-Channel Interface IC-35Configuring the Fast Ethernet Interfaces IC-36Configuring a Fiber Distributed Data Interface IC-37Using Connection Management Information IC-38Fddi Configuration Task List Specifying a FddiIC-39 Enabling Full-Duplex Mode on the Fddi Enabling Fddi Bridging EncapsulationIC-40 Controlling the Transmission Timer Setting the Token Rotation TimeSetting the Transmission Valid Timer Modifying the C-Min TimerSetting the Bit Control Modifying the TB-Min TimerModifying the Fddi Timeout Timer Controlling SMT Frame ProcessingStarting and Stopping Fddi Setting Fddi Frames Per Token LimitControlling the CMT Microcode IC-43Preallocating Buffers for Bursty Fddi Traffic Configuring a Hub InterfaceControlling the Fddi SMT Message Queue Size IC-44Disabling or Enabling the Link Test Function Enabling a Hub PortDisabling or Enabling Automatic Receiver Polarity Reversal IC-45Enabling Source Address Control Enabling Snmp Illegal Address TrapIC-46 Expanded View of the Connection to a Core Router Configuring a LAN Extender InterfaceConnecting a LAN Extender to a Core Router IC-47Upgrading Software for the LAN Extender Installing a LAN Extender at a Remote SiteDiscovering the MAC Address Management of the LAN Extender InterfaceConfiguring the LAN Extender IC-49LAN Extender Interface Configuration Task List Configuring and Creating a LAN Extender InterfaceIC-50 Defining Packet Filters IC-51Filtering by MAC Address and Vendor Code IC-52Controlling Priority Queueing IC-53Controlling the Sending of Commands to the LAN Extender IC-54Restarting the LAN Extender Downloading a Software Image to the LAN ExtenderIC-55 Troubleshooting the LAN Extender IC-56System OK IC-57Configuring a Token Ring Interface IC-58Specifying a Token Ring Interface Token Ring Interface Configuration Task ListDedicated Token Ring Port Adapter Enabling Early Token ReleaseEnabling Token Ring Concentrator Port LAN Interface Configuration ExamplesConfiguring PCbus Token Ring Interface Management Monitoring and Maintaining the PortPA-12E/2FE Port Configuration Examples Ethernet Encapsulation Enablement ExampleFull Duplex Enablement Operation Example IC-61PA-VG100 Port Adapter Configuration Example IC-62Fast EtherChannel Configuration Examples IC-63Fddi Frames Configuration Example IC-64Hub Port Shutdown Examples Hub Configuration ExamplesHub Port Startup Examples IC-65Snmp Illegal Address Trap Enablement for Hub Port Example LAN Extender Enablement Interface ExampleLAN Extender Interface Access List Examples MAC Address Filtering ExampleEthernet Type Code Filtering Example IC-67IC-68

IC-23 specifications

Cisco Systems IC-23 is a robust networking device designed to address the ever-evolving demands of modern enterprises. As part of Cisco's extensive portfolio, the IC-23 serves as an ideal solution for organizations seeking to enhance their network performance, reliability, and scalability.

One of the standout features of the Cisco IC-23 is its high-speed connectivity options. With support for both wired and wireless communications, this device can seamlessly integrate into a wide range of network architectures. It offers multiple Gigabit Ethernet ports, enabling rapid data transfer and facilitating the connection of numerous devices without compromising performance.

Another key characteristic of the IC-23 is its advanced security protocols. Data breaches and cyber threats are persistent concerns in today's digital landscape, and Cisco addresses these challenges head-on with robust security measures. The IC-23 incorporates features such as firewall capabilities, intrusion detection systems, and secure VPN support, ensuring that sensitive information remains protected while traversing the network.

The IC-23 also leverages Cisco's renowned software-defined networking (SDN) capabilities. This technology allows businesses to manage their network resources dynamically, ensuring optimal performance based on real-time demands. As a result, organizations can easily adjust their network configurations to meet fluctuating workloads, enhancing both efficiency and cost-effectiveness.

Scalability is another critical feature of the IC-23, making it an excellent choice for growing companies. Cisco has designed this device to accommodate increasing data traffic without necessitating a complete overhaul of existing infrastructure. This adaptability ensures that organizations can expand their networks smoothly as their operations evolve.

Moreover, the IC-23 supports a variety of network management tools, providing IT teams with the insights needed to monitor performance and troubleshoot issues proactively. Cisco's user-friendly interface simplifies the process of network management, allowing administrators to optimize resources and maintain continuous uptime.

In conclusion, Cisco Systems IC-23 stands out as a highly capable networking solution tailored for modern enterprises. With its high-speed connectivity, comprehensive security features, SDN capabilities, scalability, and intuitive management tools, the IC-23 is well-equipped to meet the demands of today’s digital environments. As organizations continue to navigate the complexities of the digital age, the IC-23 prepares them to thrive in an increasingly interconnected world.
Top Page Image Contents